LEGADO SYSTEMS DATA PRIVACY POLICY

1. Use of Business Data.

  1. Legado Systems acknowledges that your Business Data belongs to you. You

    acknowledge and understand your Business Data is your sole responsibility including making and keeping back-up copies of your Business Data and your use and distribution of your Business Data is at your sole discretion and risk. You will be solely responsible for any claims or causes of action that may arise in connection with such use and distribution of your Business Data.

  2. Notwithstanding anything to the contrary herein, Legado Systems has no responsibility or liability for the deletion or accuracy of your Business Data or any other Business Data, the failure to store, transmit or receive transmission of your Business Data or any other Business Data (whether or not processed online), or the security, privacy, storage, or transmission of other communications originating with or involving use of Legado Systems products or services.

  3. Certain features of Legado Systems’ products and services may enable you to specify the level at which the product or service may restrict access to your Business Data. You are solely responsible for applying the appropriate level of access to your Business Data.

  4. You represent and warrant that you have all rights and authority to the Business Data, and that you approve and grant to Legado Systems the nonexclusive, nonterminable, royalty-free license to use and distribute your Business Data in connection with other Legado Systems products and services and the right at all times to ACCESS VIA THE INTERNET, OR OTHER MEANS OF COMMUNICATION, AS APPROPORIATE, YOUR EQUIPMENT AND SYSTEM AND TO ACCESS, COPY, OR USE YOUR BUSINESS DATA IN THE COURSE OF PROVIDING THE PRODUCTS AND PERFORMING THE SERVICES TO WHICH YOU HAVE CONSENTED:

    1. TO PERFORM EQUIPMENT MAINTENANCE, SOFTWARE SUPPORT SERVICES, SOFTWARE UPDATES, AND OTHER SERVICES ON YOUR BEHALF

    2. TO DIAGNOSE, MONITOR, AND OPTIMIZE THE PERFORMANCE OF SYSTEMS, SOFTWARE, AND NETWORKS

    3. TO COMPILE AND AGGREGATE STATISTICAL DATA TO ANALYZE, MEASURE, AND OPTIMIZE THE PERFORMANCE OF OUR PRODUCTS AND SERVICES AND TO PROVIDE TO OUR CUSTOMERS OUR PRODUCT AND SERVICE METRICS, SUBJECT TO THE FOLLOWING LIMITATIONS:

      1. LEGADO SYSTEMS WILL NOT ANALYZE OR COPY DATA IDENTIFYING AN INDIVIDUAL CONSUMER.

      2. LEGADO SYSTEMS WILL NOT DISCLOSE YOUR CONFIDENTIAL INFORMATION TO THIRD PARTIES, EXCEPT AS REQUIRED IN THE COURSE OF PROVIDING OUR PRODUCTS OR SERVICES. CONFIDENTIAL INFORMATION INCLUDES ANY MATERIALS OR

INFORMATION PROVIDED BY YOU TO LEGADO SYSTEMS WHICH IS NOT PUBLICILY KNOWN. CONFIDENTIAL INFORMATION DOES NOT INCLUDE INFORMATION THAT: (A) WAS IN THE PUBLIC DOMAIN AT THE TIME LEGADO SYSTEMS RECEIVED IT; (B) COMES INTO THE PUBLIC DOMAIN AFTER LEGADO SYSTEMS RECEIVED IT THROUGH NO FAULT OF LEGADO SYSTEMS; (C) LEGADO SYSTEMS RECEIVED IT FROM SOMEONE OTHER THAN YOU WITHOUT BREACH OF THEIR CONFIDENTIALITY OBLIGATIONS; OR (D) LEGADO SYSTEMS IS REQUIRED BY LAW TO DISCLOSE.

3. LEGADO SYSTEMS WILL USE SUCH DATA SOLELY TO CREATE ANALYSES IN AGGREGATED OR DERIVATIVE FORM IN DATABASES AND COMPILATIONS THAT DO NOT PERMIT INDENTIFICATION OF YOU, YOUR EMPLOYEES, OR INDIVIDUAL CONSUMERS;

iv. FOR ANY OTHER ACCESS OR USE TO WHICH YOU HAVE EXPRESSLY CONSENTED.

2. Personally Identifiable Information.
a. Legado Systems understands that in the course of your business, you may collect

personally identifiable information that may be nonpublic (“Personally Identifiable Information”) regarding consumers and your customers, and that your Business Data may include such Personally Identifiable Information. You represent and warrant that for products and services in which you disclose Personally Identifiable Information to Legado Systems, you will comply with all laws, regulations, rules, Federal Trade Commission guidelines, and other publicly known industry best practices regarding the collection, disclosure, and use of any Personally Identifiable Information, which may require you to provide consumers and customers with privacy notices and choices (for example, opt-outs regarding certain data sharing); and, that you will obtain all required consents from consumers and customers, and that you will also disclose to Legado Systems any required consents related to Legado Systems’ uses of the Personally Identifiable Information.

3. FTC Safeguards Rule.

  1. The Federal Trade Commission (FTC) Standards for Safeguarding Customer

    Information (16 CFR Part 314) (the “Safeguards Rule”) applies to parties considered to be financial institutions within the FTC’s jurisdiction under the Gramm-Leach-Bliley (GLB) Act. The Safeguards Rule, effective May 23, 2003, requires those parties to secure records and information from and about customers.

  2. This section applies to the extent you are subject to the Safeguards Rule, you share with Legado Systems your “Customer Information” (as defined in the Safeguards Rule), and in circumstances in which Legado Systems is a “Service Provider” (as defined in the Safeguards Rule).

c. Legado Systems will implement and maintain safeguards appropriate to protect the security, confidentiality, and integrity of your Customer Information. It is your responsibility to:

  1. Disclose to Legado Systems any relevant risks you identify regarding your Customer Information; and

  2. Identify the employee(s) who coordinate your Information Security Program.

  1. You are solely responsible for your compliance obligations under the Safeguards Rule. Legado Systems’ provision of products and services to you does not constitute nor will it be deemed to constitute a guarantee that your business follows any statute or regulation. Legado Systems’ review or approval of any of your systems, applications, processes, or procedures, does not constitute nor will it be deemed to constitute the assumption by Legado Systems of any responsibility or liability for compliance by you with any statute or regulation.

  2. You agree that you and third parties acting on your behalf have no right or authority to access or audit Legado Systems’ systems, applications, processes, procedures, or practices, except to the extent specifically authorized by Legado Systems.

4. Data Retention.
a. PLEASE CONSULT WITH YOUR LEGAL, TAX, AND/OR ACCOUNTING

ADVISOR FOR GUIDANCE ON DOCUMENT AND DATA RETENTION POLICIES APPLICABLE TO YOUR RECORDS. LEGADO SYSTEMS DOES NOT PROVIDE YOU WITH ADVICE REGARDING THE SUFFICIENCY OF YOUR DOCUMENT AND DATA RETENTION POLICIES.

5. Manufacturer and Third Party Vendor Data.
a. You agree that the manufacturers’ and third party vendors’ contracts for the

provision of data (including pricing data) to Legado Systems are written such that Legado Systems has no recourse whatsoever to the manufacturer or third party vendor for delays or inaccuracies in the data provided.

6. Internet Data Transmission
a. You agree to fully comply with the following conditions when ordering and

receiving information from Legado Systems through the Internet: i. Data Security

1. All consumer identifying information must be encrypted as it is delivered through the Internet. 128-bit SS/TLS or higher strength encryption is required.

ii. Network Topology

  1. Your Internet connection must be protected with dedicated,

    industry-recognized firewalls that are configured and managed to

    adhere to industry best practices.

  2. All administrative access to firewalls and servers should be

    through a secure internal network. Remote access must be configured so that the administrator dials into a LAN, is authenticated and verified, and then is granted access to the firewalls and servers from inside the network. No direct modem access should be available to firewalls or servers.

  1. No internal Internet Protocol (IP) addresses should be publicly available or natively routed to the Internet.

  2. The network should not provide any access to any firewall or servers without proper strong authentication or through the firewalls.

7. Amendment and Modification

a. Legado Systems reserves the right to amend or modify this Data Privacy Policy at any time and in any manner at Legado Systems’ sole discretion by: (a) posting a revision to our website; or (b) sending information regarding the amendment to the e-mail address you provide to us. YOU ARE RESPONSIBLE FOR REGULARLY REVIWEING OUR WEBSITE TO OBTAIN TIMELY NOTICE OF ANY AMENDMENTS OR MODIFICATIONS. YOU WILL BE DEEMED TO HAVE ACCEPTED SUCH AMENDMENTS OR MODIFICATIONS BY CONTINUING TO USE LEGADO SYSTEMS PRODUCTS AND SERVICES FOR MORE THAN 20 DAYS AFTER SUCH AMENDMENTS OR MODIFICATIONS HAVE BEEN POSTED OR INFORMATION REGARDING SUCH AMENDMENTS OR MODIFICATIONS HAS BEEN SENT TOU YOU.